Last modified on 12/06/11 20:39:54

Hanfis Root CA Data

SHA1 Fingerprint=D5:53:BA:37:7D:1B:AE:DF:26:AF:4F:2F:17:D8:7D:A5:8A:8D:17:11

howto install
CA setup howto

Private Certificates Information

certname      purpose                                          access
postfix.pem   postfix smtp server                              root read access only
www.pem       main web server                                  root read access only
mail.pem      SquirrelMail                                     root read access only
dev.pem       development server                               root read access only
dovecot.pem   dovecot imap/pop3 server                         root read access only
poncho.pem    user https server (formerly ponchos https)       root read access only

Create a certificate

  • create a private key and certificate request file on the host (add -nodes if no password shall be used to secure the private key)
    openssl req -new [-nodes] -keyout server.key -out server.csr -days 365
  • secure the private key and put it somewhere only the required user has access to
    chmod 400 server.key
  • send the csr file to my server and sign it there (pwd is /etc/ssl); policy_anything allows a mismatch of organisation and such
    openssl ca -policy policy_anything -out certs/server.crt -infiles /where/is/server.csr
  • delete the csr file to prevent double signing
    rm -f /where/is/server.csr
  • send the certificate in certs/server.crt to the service host

Certificate parameters

  • only common name mandatory.
  • use the HOSTNAME of the target machine.
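
Because policy_anything accepts whatever subject the request carries, the common-name rule and the chmod 400 step are worth checking by script. The following is an added example, not part of the original page; the function names and the owner parameter are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks around the signing procedure described on this page.
# Function names and the OWNER parameter are assumptions of this example.

# key_is_locked_down KEYFILE [OWNER]
# Succeeds only if KEYFILE is a regular file with mode exactly 0400 owned by
# OWNER (default root), which is what "chmod 400" should leave behind.
key_is_locked_down() {
    key=$1
    owner=${2:-root}
    [ -n "$(find "$key" -prune -type f -perm 400 -user "$owner" -print 2>/dev/null)" ]
}

# csr_cn CSRFILE
# Prints the first commonName of the request subject (empty if there is none).
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# csr_ok_to_sign CSRFILE HOSTNAME
# Run on the CA before "openssl ca": the request's self-signature must verify
# and its commonName must equal the hostname of the target machine.
csr_ok_to_sign() {
    csr=$1
    host=$2
    # Match the "verify OK" message rather than trusting the exit status.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || {
        echo "REJECT: $csr: self-signature does not verify" >&2
        return 1
    }
    cn=$(csr_cn "$csr")
    [ "$cn" = "$host" ] || {
        echo "REJECT: $csr: CN '$cn' is not '$host'" >&2
        return 1
    }
}
```

Source the file, then run `csr_ok_to_sign /where/is/server.csr HOSTNAME` on the CA before signing and `key_is_locked_down server.key` on the service host after installing the key.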

Client Side certs for login

  • create a valid cert as above, then bundle the certificate, its private key and the root certificate into a PKCS#12 file
    openssl pkcs12 -export -in input.crt -inkey input.key -certfile root.crt -out bundle.p12

Use with Android

import into Android cert store.